From f1178da112f51e0da40c11c90069757e481cd631 Mon Sep 17 00:00:00 2001
From: Christian Schwede <cschwede@redhat.com>
Date: Wed, 21 Jun 2017 10:54:36 +0200
Subject: [PATCH] Fix iptables chain name used for UI forwarding

The chain IN_public_allow does not exist, which breaks the undercloud
deployment. Therefore changing it to the default INPUT chain, and doing
an insert to make sure the rules are executed before a final DROP/REJECT
rule on systems running firewalld.

Closes-Bug: 1699453
Change-Id: I32ce9ab5d7d8a4aa113d5f4f9ad95ea76ea8fc61
---
 roles/libvirt/setup/undercloud/tasks/main.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/libvirt/setup/undercloud/tasks/main.yml b/roles/libvirt/setup/undercloud/tasks/main.yml
index fe82df793..1690f7589 100644
--- a/roles/libvirt/setup/undercloud/tasks/main.yml
+++ b/roles/libvirt/setup/undercloud/tasks/main.yml
@@ -345,7 +345,8 @@
 #  - name: ensure the required tcp ports are open on the virthost
   - iptables:
       table: filter
-      chain: IN_public_allow
+      chain: INPUT
+      action: insert
       protocol: tcp
       match: tcp
       ctstate: NEW